Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/v0d68TgJqzxGhEfNV_uaki6jEew.roa
File:                     v0d68TgJqzxGhEfNV_uaki6jEew.roa (raw, json)
Hash identifier:          JVGw0/PjvZHtk13gyR6LPQyAYf0yCoiLIB2/LoRUYc0=
Subject key identifier:   BF:47:7A:F1:38:09:AB:3C:46:84:47:CD:57:FB:9A:92:2E:A3:11:EC
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       018CC5003CC75D102497854F544508113876
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/v0d68TgJqzxGhEfNV_uaki6jEew.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43182
IP address blocks:        2a0d:f740::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3c:c7:5d:10:24:97:85:4f:54:45:08:11:38:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf477af13809ab3c468447cd57fb9a922ea311ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:57:20:b0:f9:9a:92:84:3a:2b:86:7b:52:61:
                    60:8a:56:cf:c2:66:37:d8:8e:23:85:c7:c6:b1:26:
                    b9:81:4d:59:13:c7:44:0c:a4:aa:11:73:f2:1d:28:
                    87:f6:c4:c8:c1:0b:37:da:af:29:e1:db:fc:ce:83:
                    3e:d7:eb:56:be:98:88:45:0c:7d:a4:c4:cc:f0:94:
                    07:f0:c5:c2:33:8d:a4:51:64:31:4b:d1:20:84:46:
                    fa:5c:5f:f3:48:a3:e7:72:80:19:a1:08:df:c2:09:
                    22:2e:30:25:f5:87:c6:3d:9c:eb:4a:1d:fe:e9:10:
                    02:60:10:80:07:a0:33:b6:80:4c:3a:90:c4:83:53:
                    52:1f:74:41:53:d4:71:06:72:b7:bc:b6:e6:b9:c0:
                    f6:44:09:f8:6a:ef:66:26:0a:c9:e9:0f:58:e3:c1:
                    46:cf:a2:09:aa:a0:2c:14:58:40:fc:09:53:6c:ed:
                    90:fa:83:01:ee:fd:d5:3d:16:03:0b:5d:79:83:32:
                    2f:f7:14:62:9b:11:78:98:bd:49:54:25:47:e4:60:
                    57:4e:d7:e5:24:db:1a:29:42:42:d3:23:f2:d2:57:
                    fb:cc:72:21:4d:38:c6:9b:01:0d:d6:b0:9a:b4:4f:
                    91:c1:21:f8:d6:6f:da:bb:ee:5a:0c:92:09:38:3f:
                    ee:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:47:7A:F1:38:09:AB:3C:46:84:47:CD:57:FB:9A:92:2E:A3:11:EC
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/v0d68TgJqzxGhEfNV_uaki6jEew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f740::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:9d:fd:88:06:94:7c:59:b0:fe:bf:da:ab:89:69:36:9f:7d:
         10:2a:4a:00:5a:c4:a7:da:ba:39:07:0e:c2:d2:e5:d9:e3:54:
         89:87:d1:49:35:16:53:a2:ef:da:7a:88:0e:f2:16:60:74:ea:
         17:7d:f3:95:39:bf:61:18:5d:fb:f5:4a:9d:20:3d:52:ff:73:
         e7:0a:78:51:45:dc:2e:fe:36:3e:01:15:15:a2:ad:1a:52:44:
         1f:84:c3:cc:90:33:de:49:56:f6:d9:49:26:ed:17:fe:41:e2:
         c9:64:8b:15:6e:42:f4:77:fc:64:bc:82:cc:a1:be:c3:cf:2a:
         78:3e:a8:99:7f:1f:fe:de:3b:c3:21:ea:15:df:d2:9c:07:4b:
         b5:5c:ca:13:32:33:53:a3:f5:b7:b7:4b:43:d4:aa:8b:bb:82:
         20:aa:b3:22:42:5c:b2:22:a8:51:8d:09:62:a3:7d:d9:27:f4:
         ed:c0:08:8a:93:47:60:45:71:01:f1:d8:cc:3d:ba:98:29:9a:
         c9:b4:23:39:48:12:c6:c5:87:28:f4:d0:63:7a:06:40:ea:cc:
         6a:17:d0:55:7f:d4:89:00:4a:72:e7:c6:db:93:d7:a2:b3:9c:
         13:8a:f8:4c:88:37:8f:cf:7a:9c:32:86:c5:88:72:60:ed:ad:
         2e:ef:d1:0b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFADzHXRAkl4VPVEUIETh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQ3N2FmMTM4MDlhYjNjNDY4NDQ3Y2Q1N2ZiOWE5MjJlYTMxMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1cgsPmakoQ6K4Z7UmFgilbPwmY3
2I4jhcfGsSa5gU1ZE8dEDKSqEXPyHSiH9sTIwQs32q8p4dv8zoM+1+tWvpiIRQx9
pMTM8JQH8MXCM42kUWQxS9EghEb6XF/zSKPncoAZoQjfwgkiLjAl9YfGPZzrSh3+
6RACYBCAB6AztoBMOpDEg1NSH3RBU9RxBnK3vLbmucD2RAn4au9mJgrJ6Q9Y48FG
z6IJqqAsFFhA/AlTbO2Q+oMB7v3VPRYDC115gzIv9xRimxF4mL1JVCVH5GBXTtfl
JNsaKUJC0yPy0lf7zHIhTTjGmwEN1rCatE+RwSH41m/au+5aDJIJOD/uwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL9HevE4Cas8RoRHzVf7mpIuoxHsMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvdjBkNjhUZ0pxenhHaEVmTlZfdWFraTZqRWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg33QDAN
BgkqhkiG9w0BAQsFAAOCAQEAAp39iAaUfFmw/r/aq4lpNp99ECpKAFrEp9q6OQcO
wtLl2eNUiYfRSTUWU6Lv2nqIDvIWYHTqF33zlTm/YRhd+/VKnSA9Uv9z5wp4UUXc
Lv42PgEVFaKtGlJEH4TDzJAz3klW9tlJJu0X/kHiyWSLFW5C9Hf8ZLyCzKG+w88q
eD6omX8f/t47wyHqFd/SnAdLtVzKEzIzU6P1t7dLQ9Sqi7uCIKqzIkJcsiKoUY0J
YqN92Sf07cAIipNHYEVxAfHYzD26mCmaybQjOUgSxsWHKPTQY3oGQOrMahfQVX/U
iQBKcufG25PXorOcE4r4TIg3j896nDKGxYhyYO2tLu/RCw==
-----END CERTIFICATE-----